ff7f874b1dbefc27eb00c35833c0ae812b726f63b9251d5cb891db09d05d9f99

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c40d85fe47a145d58e0a7779cdf639eb.exe
Size

1.8MB
MD5

c40d85fe47a145d58e0a7779cdf639eb
SHA1

77c73b8604add26525a8c1f193fd7247fe32c7f5
SHA256

ff7f874b1dbefc27eb00c35833c0ae812b726f63b9251d5cb891db09d05d9f99
SHA512

4cbd656b9cff9eab86234bf891371992ded1d3f9ca4da02efaa57418808505b2c34d442cfa3575d2fcd7556b2efbf47fb1ae0b6b1329b2da823600104866db3c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqO:SCqm2Jpr0nNM7Dus7NxL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002200000001559a-5.dat	upx
behavioral1/memory/2212-761-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2212-9186-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	c40d85fe47a145d58e0a7779cdf639eb.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\freebl3.dll	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui	c40d85fe47a145d58e0a7779cdf639eb.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.exe	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png	c40d85fe47a145d58e0a7779cdf639eb.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.exe	c40d85fe47a145d58e0a7779cdf639eb.exe

C:\Users\Admin\AppData\Local\Temp\c40d85fe47a145d58e0a7779cdf639eb.exe
"C:\Users\Admin\AppData\Local\Temp\c40d85fe47a145d58e0a7779cdf639eb.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
8f25d9c640ac0193df7b119b8e0aeffd

SHA1
247bd8c7edd83644656fbd6a536ce2641d9a6105

SHA256
06645b9c7dc73b0c2dbb2c515396e622445d48d84afe6ac16d057f4d59a7f990

SHA512
fb446c4577147242fd6c6b692640416bf62ba0d2fa2b60c7ec07f41842ec0d5dab4538695314100002d61c4bbc4230be79f959b3524945352749ac99aca58c3a

Download Submit
memory/2212-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2212-761-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2212-9186-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads